mod/photo.php

   1 <?php
   2
   3 function photo_init(&$a) {
   4
   5         switch($a->argc) {
   6                 case 3:
   7                         $person = $a->argv[2];
   8                         $type = $a->argv[1];
   9                         break;
  10                 case 2:
  11                         $photo = $a->argv[1];
  12                         break;
  13                 case 1:
  14                 default:
  15                         killme();
  16                         return; // NOTREACHED
  17         }
  18
  19         $default = 'images/default-profile.jpg';
  20
  21         if(isset($type)) {
  22                 switch($type) {
  23
  24                         case 'profile':
  25                                 $resolution = 4;
  26                                 break;
  27                         case 'micro':
  28                                 $resolution = 6;
  29                                 $default = 'images/default-profile-mm.jpg';
  30                                 break;
  31                         case 'avatar':
  32                         default:
  33                                 $resolution = 5;
  34                                 $default = 'images/default-profile-sm.jpg';
  35                                 break;
  36                 }
  37
  38                 $uid = str_replace('.jpg', '', $person);
  39
  40                 $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
  41                         intval($resolution),
  42                         intval($uid)
  43                 );
  44                 if(count($r)) {
  45                         $data = $r[0]['data'];
  46                 }
  47                 if(! isset($data)) {
  48                         $data = file_get_contents($default);
  49                 }
  50         }
  51         else {
  52
  53                 $resolution = 0;
  54                 $photo = str_replace('.jpg','',$photo);
  55
  56                 if(substr($photo,-2,1) == '-') {
  57                         $resolution = intval(substr($photo,-1,1));
  58                         $photo = substr($photo,0,-2);
  59                 }
  60
  61                 $r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
  62                         dbesc($photo),
  63                         intval($resolution)
  64                 );
  65                 if(count($r)) {
  66
  67                         $owner = $r[0]['uid'];
  68
  69                         $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
  70
  71                         if(local_user() && ($owner == $_SESSION['uid'])) {
  72
  73                                 // Owner can always see his/her photos
  74                                 $sql_extra = '';
  75
  76                         }
  77                         elseif(remote_user()) {
  78
  79                                 // authenticated visitor - here lie dragons
  80
  81                                 $groups = init_groups_visitor($_SESSION['visitor_id']);
  82                                 $gs = '<<>>'; // should be impossible to match
  83                                 if(count($groups)) {
  84                                         foreach($groups as $g)
  85                                                 $gs .= '|<' . intval($g) . '>';
  86                                 }
  87
  88                                 $sql_extra = sprintf(
  89                                         " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
  90                                           AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' )
  91                                           AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
  92                                           AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
  93
  94                                         intval($_SESSION['visitor_id']),
  95                                         intval($_SESSION['visitor_id']),
  96                                         dbesc($gs),
  97                                         dbesc($gs)
  98                                 );
  99                         }
 100
 101                         // Now we'll see if we can access the photo
 102
 103                         $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d $sql_extra LIMIT 1",
 104                                 dbesc($photo),
 105                                 intval($resolution)
 106                         );
 107
 108                         if(count($r)) {
 109                                 $data = $r[0]['data'];
 110                         }
 111                 }
 112         }
 113
 114         if(x($data) === false) {
 115                 killme();
 116                 return; // NOTREACHED
 117         }
 118
 119         header("Content-type: image/jpeg");
 120         header('Expires: ' . datetime_convert('UTC','UTC', 'now + 3 months', 'D, d M Y H:i:s' . ' GMT'));
 121 //      header("Cache-Control: max-age=36000, only-if-cached");
 122         echo $data;
 123         killme();
 124         return; //NOTREACHED
 125 }